This section explains how to design security for the systems using BDCEP, as follows:
Authenticating for the CEP Server
Designing suitable access permissions
Designing the network
Authenticating for the CEP Server
A superuser of the operating system of the server to which BDCEP is applied can operate the CEP Server.
In addition, authentication is not performed when events are sent to the CEP Server from outside the system. Build a firewall or use event sender business applications to build a system in which authentication is performed when events are sent to the CEP Server.
Designing suitable access permissions
Set suitable access permissions for the files below as a countermeasure to prevent file tampering and destruction.
The table below describes the access permissions to be set for each file.
File | Reference permission | Write permission |
|---|---|---|
Engine configuration file | Superuser | Superuser |
Master data | Engine execution user | None |
Data for investigation | Superuser | Superuser |
The access permissions for files generated by a CEP engine, such as the event log and resource log, will be set automatically.
Designing the network
If the system has been located according to the system configuration supported by BDCEP, a third party will be unable to reference data transmitted over the network.
